package org.sonar.php.checks.security;

import java.util.Objects;
import java.util.Optional;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.CallArgumentTree;
import org.sonar.plugins.php.api.tree.expression.ArrayInitializerTree;
import org.sonar.plugins.php.api.tree.expression.ArrayPairTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

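/**
 * Flags PHP calls that configure the {@code security} component with
 * {@code 'session_fixation_strategy' => 'none'}.
 *
 * <p>Three call shapes are recognised, matched on the lower-cased function name:
 * <ul>
 *   <li>{@code loadFromExtension(extension: 'security', values: [...])}</li>
 *   <li>{@code extension(namespace: 'security', config: [...])}</li>
 *   <li>{@code prependExtensionConfig(name: 'security', config: [...])}</li>
 * </ul>
 *
 * <p>Why it matters: with the strategy set to {@code none}, the session identifier is presumably
 * kept unchanged across authentication, so an identifier known before login stays valid for the
 * authenticated session (session fixation). NOTE(review): the call shapes look like the Symfony
 * dependency-injection API; confirm against the rule description for S5876.
 *
 * <p>Limits of the detection, as visible in this class:
 * <ul>
 *   <li>only PHP function calls are inspected, so configuration held in other file formats is
 *       not seen here;</li>
 *   <li>the component name, the array key and the array value must be regular string literals;</li>
 *   <li>only the top-level pairs of the configuration array are examined;</li>
 *   <li>a configuration passed through a variable is followed only as far as
 *       {@code CheckUtils.assignedValue} resolves it.</li>
 * </ul>
 */
@Rule(key = "S5876")
public class SessionFixationStrategyCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Create a new session during user authentication to prevent session fixation attacks.";
    private static final String SECURITY_COMPONENT = "security";
    private static final String SESSION_FIXATION_KEY = "session_fixation_strategy";
    private static final String SENSITIVE_VALUE = "none";

    /**
     * Raises an issue on the call when it is one of the recognised configuration functions, targets
     * the {@code security} component and carries the sensitive array entry.
     *
     * @param functionCallTree the call being visited
     */
    @Override
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        // May be null when the callee has no resolvable name; the literal-first equals() calls cope with that.
        String functionName = CheckUtils.lowerCaseFunctionName(functionCallTree);

        boolean sensitive;
        if ("loadfromextension".equals(functionName)) {
            sensitive = disablesSessionFixationProtection(functionCallTree, "extension", "values");
        } else if ("extension".equals(functionName)) {
            sensitive = disablesSessionFixationProtection(functionCallTree, "namespace", "config");
        } else if ("prependextensionconfig".equals(functionName)) {
            sensitive = disablesSessionFixationProtection(functionCallTree, "name", "config");
        } else {
            sensitive = false;
        }

        if (sensitive) {
            context().newIssue(this, functionCallTree, MESSAGE);
        }
        // Keep descending so nested calls inside the arguments are checked as well.
        super.visitFunctionCall(functionCallTree);
    }

    /**
     * Tells whether the first argument names the {@code security} component and the second
     * argument is an array holding the sensitive entry.
     *
     * @param call the function call to inspect
     * @param componentArgumentName parameter name of the first argument, used for named arguments
     * @param configArgumentName parameter name of the second argument, used for named arguments
     */
    private static boolean disablesSessionFixationProtection(
            FunctionCallTree call, String componentArgumentName, String configArgumentName) {
        return isArgumentEqualsTo(call, componentArgumentName, 0, SECURITY_COMPONENT)
            && isArgumentSensitiveArray(call, configArgumentName, 1);
    }

    /**
     * Tells whether the argument found by name or position is a string literal equal to
     * {@code expected}, ignoring case.
     */
    private static boolean isArgumentEqualsTo(FunctionCallTree call, String argumentName, int position, String expected) {
        Optional<CallArgumentTree> argument = CheckUtils.argument(call, argumentName, position);
        return argument.isPresent() && isLiteralTreeEqualsTo(argument.get().value(), expected);
    }

    /**
     * Tells whether {@code expression} is a regular string literal whose unquoted content equals
     * {@code expected}, ignoring case. Any other expression kind yields {@code false}.
     */
    private static boolean isLiteralTreeEqualsTo(ExpressionTree expression, String expected) {
        return expression.is(Tree.Kind.REGULAR_STRING_LITERAL)
            && expected.equalsIgnoreCase(CheckUtils.trimQuotes((LiteralTree) expression));
    }

    /**
     * Tells whether the argument found by name or position resolves to an array initializer that
     * contains at least one sensitive pair.
     *
     * <p>The previous body referred to an undeclared local in its {@code isInstance} and
     * {@code cast} lambdas and used raw {@code Optional} types; method references on
     * {@code ArrayInitializerTree.class} express the same filter and cast with full typing.
     */
    private static boolean isArgumentSensitiveArray(FunctionCallTree call, String argumentName, int position) {
        return CheckUtils.argument(call, argumentName, position)
            .map(CallArgumentTree::value)
            .map(CheckUtils::assignedValue)
            .filter(ArrayInitializerTree.class::isInstance)
            .map(ArrayInitializerTree.class::cast)
            .filter(array -> array.arrayPairs().stream().anyMatch(SessionFixationStrategyCheck::isArrayPairSensitive))
            .isPresent();
    }

    /**
     * Tells whether the pair is {@code 'session_fixation_strategy' => 'none'}. Pairs without a
     * key (list-style entries) never match.
     */
    private static boolean isArrayPairSensitive(ArrayPairTree pair) {
        ExpressionTree key = pair.key();
        return key != null
            && isLiteralTreeEqualsTo(key, SESSION_FIXATION_KEY)
            && isLiteralTreeEqualsTo(pair.value(), SENSITIVE_VALUE);
    }
}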
